Blogs & News

Back to articles

What is Microsoft MFA, why is it so important & what changes are coming?

Summary

Microsoft MFA stands for Microsoft Multi-Factor Authentication, which is a security feature that requires more than one method of authentication to verify a user’s identity and grant access to their account or device.

To make it harder for hackers to access your account or device, MFA adds an extra layer of protection, such as a phone call, text message, email, or app notification. However, as part of Microsoft’s security improvement plan, they are removing the MFA to text option for all users.

This blogs details all you need to know about Microsoft MFA and the upcoming changes.

Why is MFA so important?

Microsoft MFA is important because it adds an extra layer of protection against cyberattacks, such as phishing, password cracking, or credential theft.

By requiring a second factor, such as a phone call, text message, email, or app notification, Microsoft MFA makes it harder for hackers to access your account or device, even if they have your password.

Microsoft MFA can also help you comply with regulatory standards and industry best practices for data security. Microsoft MFA is available for Microsoft 365, Azure, and other Microsoft services and applications.

You can learn more about how to set up and use Microsoft MFA in our blog.

GCC offer security packs to help protect organisations to help manage, monitor and protect your IT infrastructure & data. You can find out what’s included in our security packs here.

Why is Microsoft retiring MFA to text as an option?

Microsoft is removing MFA to text as an option because it is considered a less secure method of authentication than other options, such as the Microsoft Authenticator app, phone calls, or security keys.

According to Microsoft, text messages can be intercepted, spoofed, or compromised by hackers, which can lead to account breaches or identity theft. Microsoft also states that text messages are not compliant with some industry standards and regulations, such as PCI DSS, NIST 800-63B, and GDPR.

Microsoft plans to phase out MFA to text by November 2023 for all users. Microsoft recommends that users switch to a more secure and convenient MFA option as soon as possible. You can find out how to change your MFA option from the official support page.

Can I still use text messages for MFA after November 2023?

Yes, you are able to use text messages for MFA until September 2024.

(As Microsoft are phasing it out from November 2023).

However, as part of its security improvement plan Microsoft recommend users switch to a more secure and convenient MFA option as soon as possible.

What is the Microsoft Authenticator app?

The Microsoft Authenticator app is a free app that you can download and install on your mobile device. It helps you sign into your online accounts more securely by using multi-factor authentication, passwordless, or password autofill.

  • Multi-factor authentication means that you need to provide more than one way to prove your identity, such as a password and a code or a notification sent to your phone.
  • Passwordless means that you can sign in without using a password, just by entering your username and approving a notification or using your fingerprint, face, or PIN.
  • Password autofill means that the app can store and fill in your passwords for you, so you don’t have to remember them or type them.

The app also lets you manage your Microsoft personal, work or school accounts and sync your passwords across your devices. You can use the app with Microsoft services like Outlook, OneDrive, Office, and more, as well as with other online accounts that support authenticator apps, such as Facebook, Amazon, Dropbox, Google, LinkedIn, GitHub, and more.


Further Information

If you have any questions about this or need assistance, then please contact the GCC Group Support Team on 0345 260 1151 or servicedesk@gccgroup.co.uk